XSS in getrush.uber.com
Unknown
Vulnerability Details
'' 'https://getrush.uber.com/business?utm_campaign=tttttt%27%3C/script%3E%3Cscript%3Ealert(0)%3C/script%3E&utm_medium=top&utm_source=website'''
You need to escape the utm_campaign parameter before rendering it in the HTML.
Thanks,
David Dworken
Actions
View on HackerOneReport Stats
- Report ID: 125112
- State: Closed
- Substate: resolved
- Upvotes: 4